How to import/convert an existing .inf template into the SCM .cab format

    Question

  • I really like Security Compliance Manager (SCM) and the effort of MS to convert their security configuration guides into the SCM .cab format. However, I am having difficulty with converting/importing existing MMC > Security Templates that are in .inf format into the SCM tool. The only option for importing third party baselines is in .cab format.

    Has anyone figured out how to import/convert an existing .inf template into the SCM .cab format?

     

     

    Friday, April 23, 2010 6:37 PM

Answers

All replies

  • I've quoted a team-mate to answer this question.

     

    “Importing a security template INF file into SCM is not currently supported. We are working on new functionality that will enable the tool to support importing GPO backups (which include INF files) and DCM packs. Until that functionality is made available, updating or modifying an existing baseline with the contents of an INF file is strictly a manual process best accomplished thru the SCM UI.”

     

    Sincerely,

     

    Jeffrey M (MSFT)

    Friday, April 30, 2010 7:58 PM
  • Hi Richard, importing INF into SCM is not supported in this release. We are discussing importing GPOs, which include the INF template. Would you mind participating in the requirements conversation for this support?

    Thanks,

    Michael Tan

    Dev lead

    Security Compliance Manager

    Monday, May 03, 2010 4:43 PM
  • Hello,

    We are doing a GPO audit of a large organization with over 400 servers. I love the SCM tool, but there seems to be no way to import the current server baselines from a 2003 domain and then compare them to the Microsoft baselines in SCM. I understand that using the new GPMC in RSAT I can import and export CAB files from the Starter GPO section; however, there is no way to take existing 2003 policies and convert them to a CAB file that can be imported into SCM.

    A really good option in SCM would be the ability to point to a 2003+ server in the domain from the SCM console and extract the baselines remotely. Using this method, the queries could be stored in the SCM database and then rerun as required to perform yearly audits. Additionally, the queries could be exported and saved on a per-client basis for companies like mine to do yearly audits without reinventing the whole process each time. I understand that DCM can do this, but not every client has SCCM installed, and doing so just for this functionality may be overkill.

    So the question is: how can I best use SCM to audit and configure baselines for a 2003 domain?

    Phil de greve

    Thursday, May 06, 2010 7:16 PM
  •  Thank you

    This work by panzio is licensed under a Creative Commons Attribution 3.0 United States License


    Need Help
    • Proposed as answer by TM-naiman Friday, May 07, 2010 12:12 AM
    Friday, May 07, 2010 12:12 AM
  • Maybe I missed something, but if you can't import your own baseline as an .inf and you can't create a custom baseline in the .cab format, how are you supposed to use this tool? Is it even possible to use SCM in an "offline" fashion, i.e. disconnected from the Internet?

    Wednesday, May 12, 2010 8:08 PM
  • I'm with you, LA Richards. I'm a huge fan of this tool so far. The only problem I am having is that the baselines for Server 2008 do not follow the CIS recommendations for security, which my company is using as a guideline. How can we get a baseline that has all the Group Policy objects in it so I can use and hide what we aren't going to use?

    Thursday, May 13, 2010 4:04 PM
  • I have to say I agree. I installed this not 10 mins ago and thought 'wow this looks great'. Then I went around looking for how I would import our current custom security baselines into the system to compare and found this out. Unfortunately it's become another great example of MS software missing basic functionality required to be actually useful. Please hurry up with an update.
    Tuesday, June 08, 2010 12:28 PM
  • Is there any timeline or estimated guess if/when this function might be made available in the SCM tool? OR do I have to move everything into another toolset or vendor solution in order to compare .inf and SCM .cab files?

    This continues to be an issue. We are government compliant and have to apply and be audited to DISA STIGs. Their web site delivers the standard as .inf files.

    I like the SCM concept, but I need to be able to import the applicable .inf files and compare the baselines.

    ---- Example ----

    The STIGs and the NSA Guides are the configuration standards for DoD IA and IA-enabled devices/systems. Developed by DISA for the DoD.

    http://iase.disa.mil/stigs/checklist/index.html

    The Windows 2008 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems.  The requirements were developed from Federal and DoD consensus, as well as the Windows 2008 Security Guide and security templates published by Microsoft Corporation.  The vulnerabilities discussed in this document are applicable to Windows 2008 (all versions).

    Example for WinSrv08 compliance, the download zip contains:
    sceregvl.inf
    U_FSO2008DC_Analyze_only_V6R1.10.inf
    U_FSO2008MS_Analyze_only_V6R1.10.inf

    This document is meant for use in conjunction with other applicable STIGs and Checklists such as Directory Services, Web, DNS, Database, Secure Remote Computing, and Desktop Applications.

    Each of the above have their own .inf files for compliance. This means I need a way to load the SCM.cab vendor best practice, platform OS .inf, and application .inf files all into SCM to compare the layered results. This might also include current production .inf and NSA/NIST .inf files.  

    Wednesday, June 09, 2010 6:01 PM
  • Hi friends,

    SCM seems to be a wonderful tool; however, until we can convert an INF file into a CAB one or something like that, this tool won't be as useful as it could be.

    I wish you could add this feature soon.

    Thanks,

    Friday, August 20, 2010 6:39 PM
  • Hi all,

    Well it's with no little disgust or disappointment that I've come across this thread in Mar 2011 and still MS have not released an updated SCM with the functionality that we require!

    Like most of the other posters on here I actually do like the tool and can see it saving time and making certain tasks a breeze, but can't help but wonder why they didn't include the ability to import an existing GPO backup into the tool to compare against the available baselines???

    Please please give us some REAL indication of when we can expect the V2 of SCM which has reviews out there on the holy grail functionality of being able to import an existing GPO for comparison...these selfsame reviews make mention that it was imminent "any day soon" and were written back in Feb!

    • Proposed as answer by nagwu Thursday, October 10, 2013 5:55 PM
    Thursday, March 10, 2011 1:54 PM
  • Fixed. Sorry about the wait and the lack of communication! My fault - send your flame mails my way - I can take it! :)

    http://blogs.technet.com/b/secguide/archive/2011/03/10/scm-v2-ctp-available-to-download.aspx

    -jeff

    Thursday, March 10, 2011 10:08 PM